Last Updated: April 29, 2025
This Privacy Policy describes how Max-Ability.com (the “Website”) collects, uses, and shares personal information, including Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), of users and visitors of our Website. We are committed to protecting your privacy and ensuring our online resources are accessible to everyone, including individuals with disabilities. By accessing or using our Website, you consent to the data practices described in this policy and acknowledge our commitment to accessibility.
1. Information We Collect
We may collect the following types of information from you:
- Information You Provide Directly:
  - Contact Information: This may include your name, email address, phone number, mailing address, and any other information you provide when you contact us through the Website, such as through contact forms or email.
  - Account Information: If you create an account on our Website (if applicable), we may collect your username, password, and other information related to your account.
  - Health-Related Information (Potential PHI): Depending on the services offered on our Website, you may provide information related to your health or medical conditions. We will handle this information as PHI in accordance with HIPAA where applicable. This might include information provided through forms, surveys, or communication related to specific health inquiries.
  - Order Information: If you make a purchase through our Website (if applicable), we may collect your billing and shipping information, payment details (though this may be processed by a third-party payment processor), and details of your purchases.
  - Communications: Records of your correspondence with us, including emails and chat logs.
  - User-Generated Content: Any content you post, upload, or otherwise submit to our Website, such as comments, reviews, or forum posts (if applicable). Please be mindful of the information you share publicly, especially health-related information.
- Information Collected Automatically:
  - Log Data: Our servers automatically record information when you access or use our Website, including your IP address, browser type, operating system, referring URL, pages visited, and the dates and times of your visit.
  - Cookies and Similar Technologies: We may use cookies, web beacons, and other tracking technologies to collect information about your browsing activities on our Website. Cookies are small data files stored on your device that help us remember your preferences and improve your experience. You can control the use of cookies at the individual browser level. We strive to ensure our use of cookies is implemented in an accessible manner.
  - Device Information: We may collect information about the device you use to access our Website, including the device model, operating system, and unique device identifiers.
  - Location Information: With your consent, we may collect precise location data from your device.
2. How We Use Your Information, Including PHI
We may use your personal information, including PHI, for various purposes, including:
- To Provide and Maintain Our Website: To operate our Website, provide you with access to its features, and ensure its proper functioning in an accessible manner for all users.
- To Communicate with You: To respond to your inquiries, provide customer support, and send you administrative information, such as updates to our policies and information related to your health inquiries or services you are receiving. When communicating about PHI, we will do so in a manner that complies with HIPAA regulations.
- To Provide Healthcare-Related Services: If our Website offers healthcare-related services, we may use your information, including PHI, to provide those services, which may include consultations, information sharing, and support. This use will be in accordance with HIPAA.
- To Process Transactions: To process your orders and payments (if applicable) and fulfill your requests.
- To Personalize Your Experience: To tailor the content and information we display to you, offer personalized features, and understand how you use our Website, ensuring accessibility considerations are integrated into personalization efforts.
- To Improve Our Website and Services: To analyze usage trends, monitor the effectiveness of our content, and make improvements to our Website’s design, functionality, and accessibility for all users.
- For Marketing and Promotional Purposes: With your consent where required by law, we may send you promotional emails and other marketing communications about our products, services, and offers. You can opt out of receiving these communications at any time. We will strive to ensure marketing materials are accessible.
- To Protect Our Rights and Safety: To detect, investigate, and prevent fraudulent or illegal activities, enforce our Terms of Service, and protect our rights and the rights of others.
- To Comply with Legal Obligations: To comply with applicable laws, regulations, legal processes, or government requests, including HIPAA regulations related to the disclosure of PHI.
3. How We Share Your Information, Including PHI
We may share your personal information, including PHI, with third parties in the following circumstances:
- Service Providers (Business Associates under HIPAA): We may share your information, including PHI, with third-party service providers who assist us in operating our Website, conducting our business, or providing services to you, such as website hosting, data analysis, email delivery, payment processing, and customer support. When these service providers have access to PHI, we will enter into Business Associate Agreements (BAAs) with them as required by HIPAA to ensure the privacy and security of your PHI.
- Healthcare Providers: If you are receiving healthcare services through our Website, we may share your information, including PHI, with other healthcare providers involved in your care, as permitted or required by HIPAA.
- Business Transfers: If we are involved in a merger, acquisition, sale of assets, or other business transaction, your information, including PHI, may be transferred as part of that transaction. We will comply with HIPAA regulations regarding such transfers. We will notify you if your personal information becomes subject to a different privacy policy as a result of such a transaction.
- Legal Compliance and Protection: We may disclose your information, including PHI, to government authorities, law enforcement agencies, or other third parties if we believe it is necessary to comply with a legal obligation, protect our rights or property, investigate fraud or illegal activity, protect the safety of our users or others, or as required by HIPAA (e.g., for law enforcement purposes under specific circumstances).
- With Your Authorization: We may share your PHI with third parties based on your written authorization, as required by HIPAA.
- Aggregated and Anonymized Data: We may share aggregated or anonymized information that does not directly identify you, including de-identified health information as permitted by HIPAA, with third parties for various purposes, including analytics and research.
4. Your Rights Regarding Your Information, Including PHI
You have certain rights regarding your personal information, including PHI, under HIPAA and other applicable laws. These rights may include:
- Access and Correction: You have the right to access and obtain a copy of your PHI that we maintain, and you have the right to request that we amend any inaccuracies in your PHI.
- Accounting of Disclosures: You have the right to receive an accounting of certain disclosures of your PHI that we have made.
- Restrictions on Use and Disclosure: You have the right to request restrictions on certain uses and disclosures of your PHI. We are not required to agree to your request in all circumstances.
- Confidential Communications: You have the right to request that we communicate with you about your PHI in a certain way or at a certain location.
- Notice of Privacy Practices: You have the right to receive a more detailed Notice of Privacy Practices that explains your rights and our obligations under HIPAA. This policy serves as an overview.
- Opt-Out of Marketing Communications: You can opt out of receiving promotional emails from us by following the unsubscribe instructions in those emails or by contacting us directly. We will strive to ensure opt-out mechanisms are accessible.
- Cookie Preferences: You can typically control cookies through your browser settings. We aim for our cookie controls to be accessible.
- Do Not Track: Our Website may not respond to “Do Not Track” signals from your browser. However, you can usually adjust your browser settings to limit tracking. We will consider accessible alternatives for managing tracking preferences.
To exercise these rights, please contact us using the contact information provided below. We may require you to submit your request in writing and may need to verify your identity before fulfilling your request. For rights related to PHI under HIPAA, please refer to our comprehensive Notice of Privacy Practices, which will be made available on our Website in an accessible format.
5. Data Security, Including PHI Security
We take the security of your personal information, including PHI, very seriously. We implement administrative, physical, and technical safeguards designed to protect your information from unauthorized access, use, disclosure, alteration, or destruction. These safeguards are consistent with HIPAA Security Rule requirements for electronic PHI. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee the absolute security of your information.
6. Accessibility Standards
We are committed to making our Website accessible to everyone, including individuals with disabilities. We strive to comply with the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA standards. Our efforts include:
- Providing text alternatives for non-text content.
- Ensuring sufficient color contrast.
- Making website functionality operable through a keyboard.
- Avoiding content that could cause seizures.
- Designing our website in a way that is compatible with assistive technologies.
We are continually working to improve the accessibility of our Website. If you encounter any accessibility barriers, please contact us using the information below, and we will make reasonable efforts to address them.
7. Children’s Privacy
Our Website is not intended for children under the age of 13 (or other age as required by applicable law). We do not knowingly collect personal information from children without verifiable parental consent. If you believe that we have collected personal information from a child without such consent, please contact us immediately, and we will take steps to delete the information. If our services involve the collection of health information from minors, we will comply with all applicable laws, including HIPAA and COPPA.
8. Links to Other Websites
Our Website may contain links to third-party websites or services that are not owned or controlled by us. We are not responsible for the privacy practices or accessibility of these third-party websites. We encourage you to review the privacy policies and accessibility statements of any websites you visit.
9. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable laws (including HIPAA), or our accessibility efforts. We will post any changes on this page and update the “Last Updated” date at the top of the policy. We encourage you to review this Privacy Policy periodically. We will strive to make notifications of significant changes accessible.
10. Contact Us
If you have any questions or concerns about this Privacy Policy, our data practices (including HIPAA), or our accessibility efforts, please contact us at:
info@max-ability.com
30 Westgate Parkway, Suite 301
Asheville, NC 28806
800-577-1555
Important Considerations for Healthcare and Accessibility:
State Healthcare Privacy Laws: Be aware of and comply with any state-specific healthcare privacy laws that may be more stringent than HIPAA.
HIPAA Compliance: This revised policy mentions HIPAA, PHI, and Business Associate Agreements. However, full HIPAA compliance involves numerous other requirements, including implementing administrative, physical, and technical safeguards, developing detailed policies and procedures, conducting risk assessments, and providing employee training. You must consult with a HIPAA expert to ensure your practices and this policy meet all HIPAA requirements. You will also need a separate, more detailed Notice of Privacy Practices as required by HIPAA.
Accessibility Audit: Regularly conduct accessibility audits of your website using automated tools and manual testing with users with disabilities to identify and address accessibility barriers.
Accessibility Statement: Consider having a separate, more detailed Accessibility Statement on your website that outlines your commitment to accessibility, the standards you aim to meet, features you’ve implemented, and contact information for accessibility issues.
Training: Ensure your staff is trained on HIPAA regulations and accessibility best practices.
Third-Party Tools: If you use third-party tools or plugins on your website, ensure they are also accessible and HIPAA compliant where necessary.